Abstract

We propose a continuous variable based quantum key distribution protocol that makes use of discretely signaled coherent light and reverse error reconciliation. We present a rigorous security proof against collective attacks with realistic lossy, noisy quantum channels, imperfect detector efficiency, and detector electronic noise. This protocol is promising for convenient, high-speed operation at link distances up to 50 km with the use of post-selection.

©2009 Optical Society of America

1. Introduction

Quantum key distribution (QKD) systems [1, 2, 3] make use of optical quantum fluctuations to establish shared secret keys between two legitimate users (Alice and Bob) such that an eavesdropper (Eve) who makes optimal physical measurements can know, on average, none of the bits of the secret key. After a number of samples of a correlated randomvariable are obtained by means of quantum measurements, a reconciliation phase assures agreement of Alice and Bob’s data. Finally, a privacy amplification phase uses universal hash functions to eliminate Eve’s potential partial information at the cost of shrinking the length of Alice and Bob’s shared data. Systems thatmeasure arrivals of single photons are called discrete variable systems, while those that use homodyne or heterodyne detection to measure the continuous-valued electromagnetic field and are called continuous variable systems [4]. Discrete QKD is well developed in terms of security analyses, experiments, and commercial products. One important avenue of research for QKD systems seeks to improve rates. The counting rate limitations for non-cryogenic detectors are 15 MHz for silicon photon counters and new greatly improved counter speed of approximately 100 MHz for InGaAs photon counters. These limits are due to dead times required to clear avalanche carriers, which produces spurious afterpulsing counts.

Unlike photon counters, homodyne and heterodyne detectors do not require dead times and thus continuous variable QKD (CVQKD) systems [5, 6, 7] are in principle scalable to standard telecom rates, such as 10 GHz. However, homodyne and heterodyne measurements result at minimum in vacuum noise manifesting its self as Gaussian distributed randomness with noise power that remains constant as signals attenuate with length. This limits the achievable secure link length to a smaller distance than is achievable for discrete QKD. Thus CVQKD may be preferable at short and medium distances.

The two classes of CVQKD systems use continuous signaling [7, 8] and discrete signaling [9]. Continuous signaling, where Alice sends 2 independent Gaussian distributed random variables in the x and y quadratures of the field, is themost studied because proofs against individual and collective attacks exist [10, 11, 12, 13]. An individual attack describes manipulation of individual timeslots and optimal quantum measurement by Eve on light in that timeslot, while collective attacks describe manipulation of individual timeslots and optimal joint measurement of several or many timeslots. State-of-the-art continuously signaled experiments provide security against collective attacks, and demonstrate final key rate limited to 2 kB/sec [14]. This limitation is due not to the physical layer, but to the time required to implement reconciliation on a typicalmicroprocessor. Attempts to increase speed have led to proposals for post-selection, and recently to a protocol that can be proved secure against collective attacks if infinite dimensional conditional homodyne tomography can be implemented on a subset of data [15]. It has been clear to many CVQKD researchers that a discretely signaled CVQKD protocol would be advantageous in terms of simplicity and several have been proposed. However, it has been pointed out that the security of discretely signaled systems under collective attacks remains an open problem for the practical case of excess noise in the channel [16]. Very recent work on the security of a binary modulated CVQKD system [17] showed quite limited tolerance to excess noise. However, we will show that quantum tomography in a protocol can greatly improve the situation.

In order to increase distance, the technique of post-selection has been proposed for CVQKD [18, 19, 20, 21]. In post-selection schemes, only a subset of the data is used, improving the signal-to-noise ratio between Alice and Bob. CVQKD experiments have been implemented with post-selection [19, 20, 21], but without security proofs. Although Gaussian attacks have been proved to be optimal against continuously signaled CVQKD systems, the optimal attack for post-selection based CVQKD protocols is unknown yet. Recent recent progress on the security analysis of post-selection [15] gave a proof of a post-selection protocolwhen there is excess gaussian noise introduced into the channel. The protocol presented in their paper requires full conditional state tomography.

In order to permit faster and longer links, one needs to overcome the following obstacles. First, a very efficient reconciliation protocol is needed. Although theoretically, reverse reconciliation enables CVQKD links of infinite distance, as CVQKD link length increases, the minimum reconciliation efficiency required for positive secrecy capacity, β 0, approaches 1. This differs from discrete QKD. Second, reconciliation needs to be simple and fast. In order to correct errors between Alice and Bob, one usually seeks continuous variable based error correction codes to be as efficient as possible. However, highly efficient error correction codes are also slow. We note that codes for binary symmetric channel are usually simpler and faster. By turning the continuous variable based error correction problem into a binary based error correction problem, several advantages come. First, it is easier to find corresponding error correction codes working at a rate very close to Shannon limit while keeping a lower decoding complexity. Furthermore, if the required error correction efficiency is lowered for a given distance, then we may be able to find a reconciliation code with corresponding lower efficiency but greater speed. As a result, the distance and throughput of CVQKD systems would be significantly improved.

We propose a protocol for discretely signaled CVQKD that is designed for simple implementation with normal network hardware and with the goal of improving reconciliation speed. The protocol uses reverse reconciliation only and can optionally use post-selection. We prove security for collective attacks on a lossy, noisy channel. The novel contributions of this paper are the combination of discrete signaling with tomography on a subset of data to restrict Eve’s attacks, the use of novel analytical and computational techniques for calculating collective security with channel excess noise, and the level of attention that is paid to reconciliation speed in the design and analysis. The paper is organized as follows: Section II contains a description of the protocol, while Section III contains a security analysis under collective attacks. We have placed computational details in the Appendix. Section IV contains security results for some practical cases of interest, Section V is a general discussion of the results, and we conclude in Section VI.

 

Fig. 1. Alice’s encoding scheme in which she only sends four different coherent states.

Download Full Size | PPT Slide | PDF

2. The quantized input-quantized output CVQKD protocol

According the previous discussions, binary reconciliation is attractive in order to improve CVQKD distance and speed. In 2006, Namiki proposed a CVQKD scheme using discrete encoding and post-selection [9]. Although the protocol then results in binary reconciliation, the security analysis was only developed for individual attacks. Second, the experimentally relevant case of excess noise in the channel was not treated. This case is important because system imperfections typically result in some additional noise, which should be treated for security purposes as if Eve controls it. Third, for low channel efficiency, the possibility of selecting a quantum state is low enough that most of the measurements are discarded.

In order to obtain positive secrecy capacity, it is desirable that Alice and Bob nearly achieve the capacity of the channel given the signal-to-noise ratio. Recently, a new result of classical information theory [22] shows that for a lossy gaussian channel with given signal-to-noise ratio, when Bob quantizes the received data, the optimal way for Alice to encode data is to also send quantized data. Specifically, under the condition that Bob performs binary quantization, Alice needs only send binary data and achieve the channel capacity. This result is significant for reverse-reconciliation CVQKD because it indicates that if Bob quantizes the data received, then Alice does not need to send gaussian modulated signals but should send binary signals.

The quantized input-quantized output(QIQO) CVQKD protocol is described below:

Step 1: Alice randomly picks up a random variable xk ∈ {1,2,3,4} and encodes a coherent state φxkk{α1=r+ri,α2=rri,α3=r+ri,α4=rri}, where r is a positive real number depending on Bob’s signal-to-noise ratio and k denotes the index of time slot, and sends it through a lossy and noisy quantum channel. Alice’s encoding scheme can be described in Fig. 1.

Step 2 Bob receives a quantum state from the quantum channel. With probability p, each measurement is assigned to channel characterization, where Bob randomly chooses a local oscillator phase ϕk of 0, π/4 or π/2, makes a homodynemeasurement and records the real result [23]. With probability 1-p, that measurement is assigned a data collection index k, where Bob randomly chooses a local oscillator phase ϕk of 0 or π/2 before performing homodyne detection. If his measurement result is greater than T, where T≥0 is Bob’s decision threshold, then he quantizes the result to qk=1. If Bob’s measurement result is less than -T otherwise, he quantizes the data to qk=−1. For other cases where his measurement result is between -T and T, Bob quantizes his data to qk=0. When qk=0, the data from the corresponding time slot will not be selected in the post processing. When T=0, it reduces to the case without post-selection.

To summarize these two steps, Alice uses random QPSK signaling but Bob’s collected data are digitized BPSK.

Step 3:When all quantumcommunication has been finished, Bob reveals to Alice which time slots that were used for characterization phasemeasurements. Alice reveals to Bob the state that she has sent for those time slots. Then Bob performs conditional quantum tomography for each one of the four particular coherent states that Alice sent. Only three different collection angles are required to achieve a good estimate of the received state [23]. We know that without Eve, the channel can be modeled as a beamsplitter with two inputs, one of which is Alice’s output to the quantum channel and the other one is the excess channel noise mode.

b̂=ηâ+1ηε̂n,

where b̂ is the output of beamsplitter going to Bob’s detectors and η is quantum efficiency of the quantum channel. For any field quadrature of Bob, we have

Q̂b=ηQ̂a+1ηQ̂εn.

Assume pb(q), pa(q) and pεn (q) are the possibility distributions of the three quadratures, we have

Pb(q)=Pa(ηq)*Pεn(1ηq),

where * is a convolution. By Fourier transform techniques, we can find pε (q) once we know pa(q) and got pb(q) fromtomography. Therefore, we can also reconstruct ρ̂εn based on quantum tomography on ρ˜b. For the protocol, Bob performs quantum conditional tomography for all four cases. Then Bob can reconstruct ρ̂εn for all four cases. The protocol requires that the reconstructed ρ̂εn for all four cases to be the same. Otherwise, Alice and Bob abort the protocol.

Step 4: For each data collection time slot, Bob reveals the local oscillator phase that was chosen. If Bob used ϕk=0, then Alice records ak=1 for the case where xk=0 or xk=1 and ak=−1 for the case where xk=2 or xk=3. If Bob used ϕk=12π, then Alice records ak=1 for the case where xk=0 or xk=2 and ak=−1 for the case where xk=1 or xk=3.

Step 5: Bob sends checkbits to Alice over a public channel, i.e. reverse reconciliation. The reconciliation is strictly one-way.

Step 6: Alice and Bob perform privacy amplification to distill the final secure key.

3. Security analysis

In this section, we analyze the security of the QIQO CVQKD protocol against collective attacks, where Eve interacts with incoming quantum states individually and makes joint multi-timeslot measurements after knowing Bob’s measurement basis. The security of CV QKD systems can be guaranteed by fundamental limits of the noise coming from the quantum measurements. However, since the quantum channel can always introduce some excess noise, this amount of noise could potentially have been introduced by Eve, and may thus weaken the security of the system. We treat the excess channel noise rigorously. We divide this section into two subsections. In the first subsection, we analyze the simpler case where there is no excess channel noise but Bob’s homodyne detector has a given quantum efficiency and Bob also has some additive gaussian electronic noise. We will give an analytical solution for this case. In the second subsection, we analyze the case where measured excess noise is assumed to have the quantum channel as its source.

For collective attacks, the secrecy capacity between Alice and Bob in bits per channel use is defined to be

ΔI=I(A;B)χ(B;E),

where I(A;B) is the mutual information between Alice and Bob. However, practical reconciliation codes do not reach the Shannon limit. If we define a reconciliation efficiency β, then the practical secrecy capacity in this case becomes

ΔI=βI(A;B)χ(B;E).

In order to make the practical secrecy capacity positive so that Alice and Bob can distill a secure key by privacy amplification, there exists a minimal required reconciliation efficiency β 0 where

β0I(A;B)χ(B;E)=0.

For the binary symmetric channel in our protocol, I(A;B) can be completely determined by the signal-to-noise ratio of Bob. I(A;B) can be calculated as Eq. (7) and Eq. (8),

eAB=112πSNRex22dx.
I(A;B)=1h(eAB),

where h(p)=−plog2(p)−(1−p) log2(1−p) is the binary entropy function.

χ(B;E) is the Holevo information between Bob and Eve, which is defined to be

χ(B;E)=S(ρ̂E)ΣipiS(ρ̂E|q=i),

where S(ρ̃E) is the von Neumann entropy of Eve’s mixed state. ρ̃E|q=i is Eve’s mixed state given Bob’s measurement result and pi is the probability that Bob’s measurement is i. For our binary symmetric case, we can rewrite χ(B;E) to be

χ(B;E)=S(ρ̂E)12S(ρ̂E|q=1)12S(ρ̂E|q=1)=S(ρ̂E)S(ρ̂E|q=1)

for an optimal attack.

3.1. Analytical solution for no excess channel noise case

When there is no excess channel noise, Bob’s received state is a coherent state given Alice sent a particular quantumstate. When the tomographic subset verifies Bob’s received state, Eve’s only possible attack is a beam splitter attack, where Eve replaces the lossy channel with a perfect one and uses a beam splitter to simulate the lossy effect of the channel. Suppose the quantum efficiency of the quantum channel is h, then Bob’s received quantum states are |√ηαi〉 and Eve’s received quantum states are 1ηαi. It is straight forward to give the expression for ρ̃E,

ρ̂E=Σi=14141ηαi1ηαi.

The second term of χ(B;E) relates directly to the error rate of the binary symmetric channel. Let’s consider the case where Bob chose ϕ=0 as the phase for homodyne detection. Given Bob’s quantized data q=1, the possibility that Alice sent |α 1〉, |α 2〉, |α 3〉 and p1|q=1=12(1eAB), p2|q=1=12eAB, p3|q=1=12(1eAB) and p4|q=1=12eAB respectively. Therefore, the second term of χ(B;E) is

ρ̂E|q=1=Σi=14pi|q=1η1αiη1αi.

The error rate eAB is directly related to the signal-to-noise ratio of Bob. Suppose the vacuum variances of both quadratures are ΔX2=ΔY2=VS=14 and the variance of electronic noise is Vel, then variance of Bob’s detection noise is

VB=VS+Vel.

The signal-to-noise ratio then reads,

SNR=ui2VB,

where ui={ηηmαi} is Bob’s average value of X quadrature when Alice sent αi. ηm is the detection efficiency of the homodyne detector. Combining Eq. (13) and Eq. (14), we have

SNR=2{ηηmαi}Vs+Vel.

Together with Eq. (7), we calculate the error rate of the binary symmetric channel between Alice and Bob. Combining the above equations, we get the analytical expression for the secrecy capacity between Alice and Bob for the case where there is no excess noise.

3.2. Numerical simulation for the general case with excess channel noise

In the case where excess noise is introduced into the quantum channel, the analysis is more complicated and numerical simulations are required. We will prove that with small amounts of excess noise, the security of the QIQO CVQKD scheme can still be guaranteed. The details of the numerical simulation are listed in the appendix.

3.2.1. Validity of channel model

We will show that Eve’s optimal collective attack is the entangling beamsplitter attack (see Fig. 2), where Eve replaces the lossy fiber with a lossless channel and mixes one of two entangled beams (ρ̂εn) on a beamsplitter while additionally monitoring one of the outputs (ρ̂εr). Conditional homodyne tomography serves to make the optimality of the entangled beamsplitter attack provable.

We need note that Eve’s attack is a unitary operator which maps the product state of Eve’s original ancillary state and Alice’s output state to the input state measured by Bob’s detectors and to the final ancillary state. If the input ancillary state and Alice’s output state are given, and the output states of the unitary operator are also given, then the unitary operator can be regarded as a black box. In this case, the internal structure of the black box does not matter because the secrecy capacity of the system is only a function of the output of the black box. In other words, only the output quantum state matters and how the state was generated does not. Eve’s unitary operation can be denoted as

|Φi=M̂(ΨEαi),

where i denotes Alice’s picked state and |ψ〉E denotes Eve’s original ancillary states. Then Bob’s incoming density matrices are given by a trace over Eve’s Hilbert space

ρbi=TrE(ΦiΦi).

We know that ρbi can be obtained by quantumconditional tomography and according to Eq. (1), each i can be expresses as a superposition of Alice’s mode and another excess noise mode, we can decompose M̂ into three different unitary operators Ô, P̂ and Q̂. Ô creates ρ̂εn from Eve’s original ancillary states

ρ̂εn=Trr[Ô(ΨEΨ)ô],

where Trr denotes the trace over the rest Eve’s state beside εn. The role of operator P̂ is to interact ρ̂εn with |αi〉 on a beamsplitter to create ρbi. P̂ can be written as

P̂=[η1η1ηη].

The role of Q̂ is to map the final state back to |¦i〉. We have

Q̂=M̂ÔP̂.

Since for all four cases, M̂ and Ô, P̂, Q̂ give the same output, the decomposition is therefore equivalent to the unitary operator M̂. The idea of decomposition can be found in Fig. 3.

 

Fig. 2. Model of relevant quantum channels. ρ̂εn and ρ̂εr, density matrices produced by Eve’s EPR source; ρ̂a, density matrix of signal sent by Alice; ρ̂b and ρ̂b, density matrix before Bob’s detector inefficiencies and after detector inefficiencies; ρ̂εn, density matrix post-beamsplitter, measured by Eve; ρ^ hom, density matrix of equivalent mode consisting of light lost to detector inefficiencies. τ is the squeezing parameter of EPR source, η is the channel efficiency, and η m is Bob’s detector efficiency.

Download Full Size | PPT Slide | PDF

We note here that the operator Q̂ is a post-processing on Eve’s states. According to quantum data processing theorem [24], this operation does not increase Eve’s accessible information. Therefore, we can safely only consider the system without Q̂ since Q̂ can only decrease Eve’s accessible information. In anther word, considering ρεr and ρεn is enough for calculating Eve’s accessible information.

 

Fig. 3. Eve’s attack operator M̂ can be decomposed into three sub-operators Ô,P̂ and Q̂, which give the same output quantum states.

Download Full Size | PPT Slide | PDF

3.2.2. Mathematical description of the channel model

As an example, we calculate an representative case where the excess channel noise is thermal. If the channel noise is not thermal, as long as we reconstruct ρεn, we still can use the same method to calculate the secrecy capacity. In Fig. 2, ρ̂εn is Eve’s input mode to the operator P̂. Whatever Bob’s state, he can infer Eve’s input mode because he also knows Alice’s sent state. Mathematically, ρ̂εn can be written as,

ρ̂εn=(1τ2)Σn=0τ2nnn.

In the Schrödinger picture, we assume Eve’s State to be a pure state Ψεn,εr, where the subscript εr denotes the rest of the system modes besides εn. One should note that although the notation here implies that Eve is using a two mode state, Eve is not actually limited to a two mode state. The quantumtomography only guarantees that the inputmode εn to the beamsplitter be a thermal state. Subscript εr denotes Eve’s arbitrary number of modes, that remain besides εn. Since Eve’s entire quantum state is pure, the condition in Eq. (22) must satisfy,

ρ̂εn=Trεr(Ψεn,εrΨ),

Without loss of generality, one can assume Ψεn,εr has the form in Eq. (23),

Ψεn,εr=1τ2n=0τnnεnϕ(n)εr,

where 〈ϕ(n)|ϕ(n′)〉=δn,n′.

Similar to other security proofs of CVQKD schemes, we make use of an entanglement based picture: we assume Alice also has a entanglement source that generates the quantum state in Eq. (24),

ΨA=Σi=1412αiaia,

which is a two mode state. In mode a′, the state is expressed in the Fock basis and in mode a the state is expressed in the coherent basis. Alice then makes a photon number counting measurement onmode a′, which projects the state of mode a into one of the four coherent states, i.e., ρ̂a=Tra(A|ψa,aψ|A)=i=1414|αiaαi, which corresponds to the case where Alice randomly chooses one of the four coherent states and sends it through the quantum channel. The quantum state of the entire system becomes

|Φ=B̂b,hom(ηm)B̂a,εn(η)|ψA|Ψεn,εr|0hom,

where B̂b,homm) and B̂a,εn(η) denote the unitary operator of BS1 and BS2.

Bob then makes a homodyne measurement on mode b′. Each measurement results, by the state reduction postulate of quantum mechanics, in the rest of the system is collapsing into a pure quantum state. Suppose Bob’s homodynemeasurement results in a real-valued number X, then the system collapses into the state

ΞX=bXΦΦXbXΦ,

Tracing over Alice’s mode a′ and the hom mode, one obtains Eve’s density matrix given the measurement result X,

ρ̂EX=Tra,hom(ΞXΞX).

The probability that ρ̂XE is generated is

p(ρ̂EX)=ΦXbXΦ.

Eve’s density matrix ρ̂E is then of the form Eq. (29),

ρ̂E=p(ρ̂EX)ρ̂EXdx

Experimental homodynemeasurements result in classical electronic noise, resulting in a real-valued measurement rB=X+Nel that is the sum of X, from the homodyne measurement, and Nel, which is a Gaussian distributed random variable denoting the electronic noise. Without post-selection, the protocol requires that Bob quantize rB according to its sign. If rB>0 Bob sets q=1, otherwise, Bob sets q=−1. We are interested in the conditional density matrix of Eve given Bob’s quantization result. Without loss of generality, we only analyze the case in which q=1.

Because the system begins in a pure state, Eve’s density matrix becomes a function of Bob’s homodyne measurement result X. However, Bob’s quantization result not only depends on X, but also depends on Nel, which is independent of X. We can always regard Eve’s conditional density matrix as a superposition of different ρ̂XE with different probability p(ρ̂XE |q=1). Therefore, Eve’s conditional density matrix can be written as Eq. (30),

ρ̂E|q=1=p(ρ̂EX|q=1)ρ̂EXdx.

We are now interested in p(ρ̂XE|q=1). According Bayes’ theorem,

p(ρ̂EX|q=1)=p(ρ̂EX)p(q=1|ρ̂EX)p(q=1).

We have the expression for p(ρ̂XE) from Eq. (28) and because of Alice’s symmetric signaling, we have p(q=1)=12.p(q=1|ρ̂EX) also depends on Vel, which is the variance of the electronic noise.

p(q=1|ρ̂EX)=12πVelXexp(x22Vel)dx.

Next we deduce eAB. According to Eq. (7), in order to obtain eAB, we have to calculate the signal-to-noise ratio of Bob. When the quantumchannel is introducedwith some excess thermal noise, Bob’s noise is actually made up of three different parts. The first part is the vacuumnoise, whose variance is always 14. The second part is the electronic noise, whose variance is Vel. And the third part is the thermal noise. The variance of the thermal noise depends on τ, which is the squeezing factor of Eve’s EPR source, and η, which is the quantum efficiency of the channel. Let the average thermal photon number be 〈nth〉. We have

nth=(1τ2)Σn=0nτ2n=τ21τ2.

Then Bob’s noise variance reads

VB=VS+12(1η)ηmnth+Vel.

Using Eq. (34) and Eq. (14), we can get the expression for signal-to-noise ratio for the case with excess noise, which is

SNR=2{ηηmαi}Vs+12(1η)ηmτ21τ2+Vel.

3.3. QIQO CVQKD with post-selection

As discussed in the Section 1, the practical limitation on the key generation rate of CVQKD systems is computational time for reconciliation. Treating the channel as if it were a binary symmetric channel for reconciliation purposes, the complexity of error correction codes used in reconciliation decreases. Suppose that for a given code, the code length is N and the code rate is R=(1-ε)C, whereC is the channel capacity, in this case decoding time complexity is function of ε and N. Typically, it grows polynomially with N. It has also been conjectured in [25] that per-bit complexity of message-passing decoding of LDPC code over any ”typical” channel, such as a binary erasure channel or a binary symmetric channel, is O(log1π)+O(1εlog1ε), where π is the decoding error rate. So the closer the code approaches the Shannon limit, the more complex the code. In other word, the requirement of high β 0 leads to very complex codes. Even so, the decoding error probability drops only polynomially with code length for LDPC codes, which requires even more time complexity to reduce the block error rate to suitable levels.

For the proposed QIQO CVQKD scheme, in order to have positive secrecy capacity, Bob’s signal-to-noise ratio must be very low, i.e., around 0.5, which causes eAB to be very high, i.e., around 25%. In order to fit the error rate to the requirements of those good codes, we need to modify eAB while also changing β 0 little. Post-selection satisfies these requirements.

Bob’s final measurement result is rB=X +Nel when electronic noise is included. According to the proposed protocol, when rB > 0, Bob quantizes it into q=1, otherwise Bob quantizes it into q=−1. With post-selection, we set a threshold T>0. Bob’s quantization rule is modified as follows: for the case rB>T, he quantizes q=1, for the case -TrBT, he sets q=0 and for the case rB <-T, he sets q=−1. Finally, Alice and Bob discard data where q=0 and only make error correction on those data where q≠0. Bob’s decision rule for post-selection can be visualized in Fig. 4:

In order to get the expression for ρ̂E under post-selection, we need to reevaluate the probability of each ρ̂XE. We denote the new possibility as p(ρ̂XE|q≠0). Using Bayes’ theorem, it is rewritten to be

p(ρ̂EX|q0)=p(q0|ρ̂EX)p(ρ̂EX)p(q0)

The first term of the numerator can be expanded as

p(q0|ρ̂EX)=12πVel[(TX)exp(x22Vel)+(T+X)exp(x22Vel)].

The second term of the numerator can be had from Eq. (28). The denominator is the probability of selecting a result. It directly relates to the amplitude of the signal ui, the variance of noise VB and the T, and can be written as:

p(q0)=12πVB[(Tui)exp(x22VB)+(T+ui)exp(x22VB)].

ρ̂XE can be therefore written as

ρ̂EX=p(ρ̂EX|q0)ρ̂EXdx.

One must next calculate p(ρ̂XE |q=1). According to Eq. (31), several terms must be calculated. The first term on the numerator is exactly the same as Eq. (28). The second term of the numerator can be expanded to

p(q=1|ρ̂EX)=12πVel(TX)exp(x22Vel)dx.

Having obtained the preceding probabilities, we get χ(B;E) according to Eq. (10).

 

Fig. 4. Bob’s decision rule under post-selection. Here σS=√VS and σel=√Vel.

Download Full Size | PPT Slide | PDF

Finally, we calculate eAB for post-selection. The symmetry of the states implies that the error rate is the same. So for simplicity, we only calculate the error rate when Alice encodes |α 1〉. We obtain:

eAB=p(q=1Aliceencodesα1)p(q0)=(T+ui)exp(x22VB)dx(Tui)exp(x22VB)dx+(T+ui)exp(x22VB)dx.

The secrecy capacity for post-selection is obtained straightforwardly. We present numerical simulation results and compare them to the case without post-selection in Fig. 6.

 

Fig. 5. The secrecy capacity and required reconciliation efficiency for the system without post-selection.

Download Full Size | PPT Slide | PDF

We note that the post-selection we have proposed does not require high rate multi-bit A/D conversion. It requires only a hard threshold decision. For the case where T=1, almost 10% of the data is selected. Therefore, if the clock rate is high enough, post-selection will not be the factor that limits the system.

4. Discussion of results

Numerical simulation results for a few cases of interest are presented in Fig. 5.

Several observations are in order. First, as expected, it is clear that excess noise reduces secrecy capacity and lowers β 0. This is as expected because we assumed that Eve could make use of the excess noise and thus achieve higher mutual information with Bob. Secondly, it is also clear why β 0 increases with increasing signal-to-noise ratio. This is because at higher SNRs, the signal amplitude increases, which leads Eve to better discrimination between the four states sent by Eve. In order to take advantage of coding, we require a relatively low β 0 and thus we require error correcting codes that work at low SNR. However, at low SNR, the error probability of the binary symmetric channel increases. As discussed in the previous section, very good codes have been found for binary symmetric channels but they are very sensitive to the error probability of the channel. In order to make those codes applicable to our case, we use post-selection on Bob’s received data so that the secrecy capacity (per retained bit) between Alice and Bob goes up dramatically, the error probability (per retained bit) drops dramatically, while the required β 0 remains almost constant. For 25km QIQO CVQKD, a threshold of T=1 is set for post-selection. This leads to postselection of 10% of Bob’s data. For 50km QIQO CVQKD, a threshold T=2 leads to retention of about 1% of Bob’s data. For example, with a broadband source with a symbol rate of 10GS/sec, the retained 1 GS/sec and 100 MS/sec for 25km and 50km QIQO CVQKD respectively. Therefore, the post-selection would not limit the clock rate of the system. For 25km QIQO CVQKD with post-selection, the ideal working region is at a signal-to-noise ratio about 0.25, where the secrecy capacity is 0.2bit/channel use, the error probability is less than 10% and the required β 0 is about 60%. For 50km QIQO CVQKD, the ideal working region is at signal-to-noise ratio about 0.15, where the secrecy capacity is 0.15bit/channel use, the error probability is less than 10% and the required β 0 is about 75%.

 

Fig. 6. The secrecy capacity, required reconciliation efficiency and the error rate on the BSC channel of the system with post-selection

Download Full Size | PPT Slide | PDF

We have also made initial simulations on a simple error correction code and compared the results to previous CVQKD experiments based on post-selection. For 25 km QKD, after the post-selection process, we have an error rate about 7% on the BSC channel. We then use a standard unoptimized LDPC code that corrects all the errors. Running on a Mac laptop, we were able to decode at a processing rate of 600 kbps at an reconciliation efficiency of β=80%. The secrecy key rate per channel use when we take the inefficiency of the error correction code into account is ΔI=βI(A;B)−χ(B;E)=0.1 at 25 km at signal-to-noise ratio 0.45. This results after privacy amplification in a final key rate of 60 kbps at 25 km with channel loss 70%. This provides a speed-up by a factor of 25 over the existing experiment that uses a protocol secure against collective attacks.

Recently, we have become aware of a security analysis on binary modulated CVQKD system has been posted [17] after we presented most of these results [26]. That protocol uses two-state modulation instead of four-state modulation. It does not require quantum tomography. Instead, inequalities and maximum eigenvalues are found to get a upper bound for Eve. The inequalities result in an upper bound less tight than that found in this paper, which makes that protocolmore sensitive to channel excess noise. We also compare out result with [21], which is limited to 50 km with no excess noise. But the scheme proposed in this paper is secure beyond 50km with realistic excess noise and still has high secrecy capacity.

5. Conclusion

We have proposed a quantized input-quantized output continuous variable quantum key distribution protocol. By quantizing the data into binary, the decoding complexity is dramatically decreased. We have given a general proof for general collective attacks and shown numerical simulation results. In order to make the proposed system compatible with the requirements of existing high efficiency and high decoding speed codes, we have also proposed post-selection to allow choosing of the error rate of the binary symmetric channel such that β0 remains constant.

6. Appendix

Numerical simulation techniques

It is difficult to obtain analytical solutions for continuous variable quantum state, because it has infinite dimension. Unlike those protocols based on gaussian modulation of signal, discrete modulation only gives conditional gaussian states instead of global gaussian states. If the global state, such as ρ̂E, is not Gaussian, it’s difficult to find a analytical solution for von Neumann entropy when there excess noise is introduced into the channel. Fortunately, as long as the amount of excess noise is small, it’s still possible to get numerical solutions.

From Eq. (23), one may see that if Eve’s two mode quantum state is expanded into Fock spaces, there would be infinite number of terms. But one may truncate the state into finite number of terms since when τ is small, the amplitudes for large photon numbers are so small that those terms are negligible. For this simulation, we have the excess noise about 0.005 of one shot noise unit and this leads to τ=0.033 for 25km and τ=0.0167 for 50km. Using only the first three terms of the expansion is then justified. In other words, the terms up to 2 photons are preserved. We let EMAX=2 denoting the maximal number of photons.

Now we can approximate Eve’s two mode state using the form in Eq. (42):

|Ψεn,εr=1τ2Σn=0EMAXτnnεnϕ(n)εr.

Then mode εn is interacted with mode a. However, since the quantum state in mode εn is represented in Fock space, it needs to be transformed into coherent form so that the operation of BS1 is performed on two coherent states and the outcome of the operation is also coherent states. Here we use another approximationwhere |n〉 is represented as the superposition of n+1 coherent states [27].

|n,r=c(r)n!er22(n+1)rnΣk=0ne2πin+1k|re2πin+1k,

where c(r) is used to normalize |n, r〉. We have

|n,r0=n.

The accuracy of the approximation is

1cn2=n!(2n+1)!r2(n+1)+o(r4(n+1)),

where |cn|2 is the probability amplitude of |n〉 in |n,r〉. In practice, we set r=0 for |0〉 and r=0.1 for other Fock states.

Thus, we write |Φ〉 in Eq. (46),

Φ=c(r)1τ2Σj=1412jaΣn=0EMAXτnnεrn!e(rn)22(n+1)(rn)nΣk=0ne2πikn+1ηm(ηαj+1ηrne2πikn+1)b
1ηm(ηαj+1ηrne2πikn+1)hom1ηαjηrne2πikn+1εn.

We first trace over a′ mode to get the density matrix of mode b′, εn, εr and hom.

ρ̂b,εn,εr,hom=Tra(ΦΦ)=Σi=1414ΩiΩi,

i.e., the density matrix for mode b′, εn, εr and hom is made up of 4 different pure states |Ωi〉 dependingAlice’s measurement of the photon counting on mode a′. This exactly corresponds to the case in which Alice prepares one of the four coherent states and sends it to Bob. For each of the |Ωi〉, Bob then make a homodynemeasurement on his mode b′. As have been discussed, the outcome of the homodyne measurement is a gaussian distributed continuous random variable with average value ui=(ηηmαi)) and variance VS. Physically, for each of the |Ωi〉, Bob’s measurement outcome has infinite possibilities. However, only those values distributed close to ui occur with high possibility. As an approximation, out simulation only takes the value in the range of [ui−6√VS,ui+6√VS]. Another approximation is that instead of processing the continuous data in the range [ui−6√VS,ui+6√VS], we divided it into XMAX bins with equal widths and made un approximation that Bob’s measurement only has XMAX different possibilities instead of infinite possibilities. Suppose each bin has left bound lbi,k and right bound rbi,k, with 1≤kXMAX. Then the measurement result is Xi,k=(lbi,k+rbi,k)/2 with possibility p(Xi,k)=12πVSlbi,krbi,kexp((xui)22VS)dx. The density matrix for mode εn, εr and hom can be approximately written as

ρ̂εn,εr,hom=Trb(ρ̂b,εn,εr,hom)=Σi=1414Σk=1XMAXp(Xi,k)Xi,kΩiΩiXi,kΩiXi,kXi,kΩi=Σi=1414Σk=1XMAXp(Xi,kψi,kψi,k),

where |ψi,k=Xi,k|ΩiΩi|Xi,kXi,k|Ωi. In order get ρ̂E, we further trace |ψi,k〉〈ψi,k| over mode hom. For low signal-to-noise ratio, the average photon number in mode hom is also low. If we use Fock basis to expand mode hom, we can neglect those quantum states with large photon numbers. Suppose we can present mode hom in Fock space and only keep the states up to HMAX photons. Then

Trhom(ρ̂εn,εr,homi,k)=Σj=0HMAXhomj|ψi,kψi,k|jhom.

Therefore, ρ̂E can be written as

ρ̂E=Σi=1414Σk=1XMAXp(Xi,k)Σj=0HMAXjψi,kψi,kj=Σi=1414Σk=1XMAXp(Xi,k)Σj=0HMAXp(jXi,k)εi,j,kεi,j,k,

where |εi,j,k=j|ψi,kψi,k|jj|ψi,k and p(j|Xi,k)=〈ψi,k|j〉〈j|ψi,k〉. Here we ignored the subscript for |jhom. We define a global possibility p(εi,j,k)=14p(Xi,k)p(j|Xi,k), then we can rewrite ρ̂E in the Eq. (51)

ρ̂E=Σi,j,kp(|εi,j,k)εi,j,kεi,j,k,

where we omitted the subscript E used to describe the mode. The problem of calculating the von Neumann entropy S(ρ̂E) is equivalent to solving the eigenvalue of the correspondingGram matrix [28]. Each element of the Gram matrix is

Gijk,ijk=p(|εi,j,k)p(|εi,j,k)εi,j,k|εi,j,k.

The non-zero eigenvalues of G are equivalent to the non-zero eigenvalues of ρ̂E. Suppose the non-zero eigenvalues of G are {λ 1,λ 2,…,λn}, then

S(ρ̂E)=Σi=1nλilog2(λi).

The next thing that we are interested in is p(|εi,j,k〉|q=1) for calculating S(ρ̂E|q=1). We first rewrite p(|εi,j,k〉|q=1) according to Bayes’ theorem,

p(εi,j,kq=1)=p(q=1||εi,j,k)p(|εi,j,k)p(q=1).

What we need to calculate is just the first term of the nominator. This was calculated as follows:

p(q=1||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVel0exp[(yx)22Vel]dydx12πVSlbi,krbi,kexp[(xui)22VS]dx.

ρ̂E|q=1=∑i,j,kp(|εi,j,k〉|q=1)|εi,j,k〉 we can calculate S(ρ̂E|q=1) following the Gram matrix that we have discussed above.

For the post-selection case, we need to calculate p(|εi,j,k〉|q≠0). As what we’ve done above, we first rewrite it according to the Bayes’ theorem.

p(εi,j,kq0)=p(q0εi,j,k)p(|εi,j,k)p(q0).

What we need to calculate is just the first term of the nominator. The method that we used to calculate this term is

p(q0||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVel(Texp[(yx)22Vel]+Texp[(yx)22Vel])dydx12πVSlbi,krbi,kexp[(xui)22VS]dx.

Then ρ̂E=∑i,j,kp(|εi,j,k〉|q≠0)|εi,j,k〉. We can then use the Gram matrix to calculate S(ρ̂E).

In order to calculate S(ρ̂E|q=1) in the case with post-selection, we need to calculate the possibility p(|εi,j,k〉|q=1). We first rewrite it according to Bayes’ theorem, which can be found in Eq. (54). But now the first term must be calculated differently. We can calculate it as Eq. (58),

p(q=1||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVelTexp[(yx)22Vel]dydx12πVSlbi,krbi,kexp[(xui)22VS]dx.

Finally, we can get ρ̂E|q=1 and calculate S(ρ̂E|q=1) according the above methods.

In order to demonstrate the accuracy of our numerical simulation results, we first compare it with the analytical solution in the limit of no excess noise. Here we picked up τ=1×10−6 in our numerical simulation. It shows that the difference of ΔI is only 6.5804×10−7 between numerical simulation and analytical results.

In the end, we give the comparison of the result we get by setting different parameters, i.e., EMAX, XMAX, HMAX and rk. We can see that when EMAX>2, XMAX>20, HMAX>6 and rk<0.1, we can see only tiny difference among different simulations. We believe that the simulation results are accurate enough for those parameters.

The simulation results with different parameters are shown in the TABLE 1. We took the secrecy capacity obtained at 25km without post-selection with EMAX=2, XMAX=20, HMAX=6 and r=0.1 as a reference and note it as ΔIref. We give the difference of ΔI * with the reference. We calculated ΔIrefΔI*ˉ and put the values into the TABLE 1.

From the results, we see that if we set EMAX=2, XMAX=20, HMAX=6 and r=0.1, we are already very close to the limit because if we further adjust the parameters, we get much less differences. In our final results, we just set EMAX=3, XMAX=30, HMAX=8 and r=0.05. We believe that these parameters give us numerical simulation results that are extremely close to the exact results.

Tables Icon

Table 1. Differences of the secrecy capacity with ΔIref. Here 25km denotes the case of 25 km QIQO CVQKD without post-selection. 25km-ps denotes the case of 25 km QIQO CVQKD with post-selection. 50 km denotes the case of 50 km QIQO CVQKD without post-selection. 50 km-ps denotes the case of 50km QIQO CVQKD with post-selection.

7. Acknowledgments

This research was funded in part by the Agence National de la Recherche as part of the project HQNET. We thank Matthieu Bloch for discussions regarding LDPC coding.

References and links

1. C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.

2. A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991). [CrossRef]   [PubMed]  

3. M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).

4. S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005). [CrossRef]  

5. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003). [CrossRef]   [PubMed]  

6. N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001). [CrossRef]  

7. F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).

8. F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002) [CrossRef]   [PubMed]  

9. R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006). [CrossRef]  

10. F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005). [CrossRef]   [PubMed]  

11. M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005). [CrossRef]   [PubMed]  

12. R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef]   [PubMed]  

13. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef]   [PubMed]  

14. J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]  

15. M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007). [CrossRef]  

16. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

17. Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009). [CrossRef]  

18. Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

19. C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006). [CrossRef]  

20. A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005). [CrossRef]   [PubMed]  

21. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007). [CrossRef]  

22. J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

23. V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

24. R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory , 47, 1 pp 474–478 (2001). [CrossRef]  

25. K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.

26. Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.

27. J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995). [CrossRef]  

28. R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

References

  • View by:
  • |
  • |
  • |

  1. C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.
  2. A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991).
    [Crossref] [PubMed]
  3. M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).
  4. S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005).
    [Crossref]
  5. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
    [Crossref] [PubMed]
  6. N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001).
    [Crossref]
  7. F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).
  8. F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002)
    [Crossref] [PubMed]
  9. R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006).
    [Crossref]
  10. F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005).
    [Crossref] [PubMed]
  11. M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005).
    [Crossref] [PubMed]
  12. R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006).
    [Crossref] [PubMed]
  13. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006).
    [Crossref] [PubMed]
  14. J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
    [Crossref]
  15. M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007).
    [Crossref]
  16. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).
  17. Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
    [Crossref]
  18. Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).
  19. C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
    [Crossref]
  20. A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
    [Crossref] [PubMed]
  21. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
    [Crossref]
  22. J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).
  23. V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).
  24. R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory,  47, 1 pp 474–478 (2001).
    [Crossref]
  25. K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.
  26. Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.
  27. J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
    [Crossref]
  28. R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

2009 (1)

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
[Crossref]

2007 (3)

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007).
[Crossref]

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

2006 (4)

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006).
[Crossref]

R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006).
[Crossref] [PubMed]

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006).
[Crossref] [PubMed]

2005 (4)

F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005).
[Crossref] [PubMed]

M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005).
[Crossref] [PubMed]

S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005).
[Crossref]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

2003 (1)

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

2002 (2)

F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002)
[Crossref] [PubMed]

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

2001 (2)

N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001).
[Crossref]

R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory,  47, 1 pp 474–478 (2001).
[Crossref]

2000 (1)

V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

1995 (1)

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
[Crossref]

1991 (1)

A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991).
[Crossref] [PubMed]

Acín, A.

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006).
[Crossref] [PubMed]

M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005).
[Crossref] [PubMed]

Adam, P.

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
[Crossref]

Ahlswede, R.

R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory,  47, 1 pp 474–478 (2001).
[Crossref]

Alton, D. J.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

Assad, S. M.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

Bechmann-Pasquinucci, H.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

Bennett, C. H.

C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.

Bloch, M.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Bowen, W. P.

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

Braunstein, S. L.

S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005).
[Crossref]

Brouri, R.

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

Bu?ek, V.

V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

Cerf, N. J.

R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006).
[Crossref] [PubMed]

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001).
[Crossref]

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

Cerf, N.J.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Chuang, I. L.

M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).

Dabeer, O.

J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

Debuisschert, T.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Diamanti, E.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Domokos, P.

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
[Crossref]

Drobný, G.

V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

Dušek, M.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

Ekert, A. K.

A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991).
[Crossref] [PubMed]

Fossier, S.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Garcia-Patron, R.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

García-Patrón, R.

R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006).
[Crossref] [PubMed]

Grangier, P.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002)
[Crossref] [PubMed]

F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).

Grassard, G.

C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.

Grosshans, F.

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006).
[Crossref] [PubMed]

F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005).
[Crossref] [PubMed]

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002)
[Crossref] [PubMed]

F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).

Heid, M.

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
[Crossref]

M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007).
[Crossref]

Hirano, T.

R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006).
[Crossref]

Janszky, J.

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
[Crossref]

Jozsa, R.

R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

Karpov, E.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Khandekar, K.

K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.

Lam, P. K.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Lance, A. M.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Leuchs, G.

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

Lévy, M.

N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001).
[Crossref]

Lober, P.

R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory,  47, 1 pp 474–478 (2001).
[Crossref]

Lodewyck, J.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Lütkenhaus, N.

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
[Crossref]

M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007).
[Crossref]

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

Madhow, U.

J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

McEliece, R. J.

K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.

McLaughlin, S. W.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Namiki, R.

R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006).
[Crossref]

Navascués, M.

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006).
[Crossref] [PubMed]

M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005).
[Crossref] [PubMed]

Nielsen, M. A.

M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).

Peev, M.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

Ralph, T. C.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Ralph, T.C.

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

Rigas, J.

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
[Crossref]

Scarani, V.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

Schlienz, J.

R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

Sharma, V.

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Silberhorn, Ch.

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

Singh, J.

J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

Symul, T.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Szabó, S.

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
[Crossref]

Tualle-Brouri, R.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

Van Assche, G.

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001).
[Crossref]

Van Loock, P.

S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005).
[Crossref]

Voss, P. L.

Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.

Weedbrook, C.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Wenger, J.

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

Zhang, Z.

Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.

Zhao, Y.

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
[Crossref]

IEEE Trans. Inf. Theory (1)

R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory,  47, 1 pp 474–478 (2001).
[Crossref]

J. Mod. Opt. (1)

V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

Nature (1)

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
[Crossref] [PubMed]

Phys. Rev. A (9)

N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001).
[Crossref]

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007).
[Crossref]

M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007).
[Crossref]

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009).
[Crossref]

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006).
[Crossref]

R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006).
[Crossref]

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007).
[Crossref]

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995).
[Crossref]

Phys. Rev. Lett. (7)

F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002)
[Crossref] [PubMed]

F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005).
[Crossref] [PubMed]

M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005).
[Crossref] [PubMed]

R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006).
[Crossref] [PubMed]

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006).
[Crossref] [PubMed]

A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991).
[Crossref] [PubMed]

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005).
[Crossref] [PubMed]

Rev. Mod. Phys. (1)

S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005).
[Crossref]

Other (8)

C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.

M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).

J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.

Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.

Cited By

OSA participates in Crossref's Cited-By Linking service. Citing articles from OSA journals and other participating publishers are listed here.

Alert me when this article is cited.


Figures (6)

Fig. 1.
Fig. 1. Alice’s encoding scheme in which she only sends four different coherent states.
Fig. 2.
Fig. 2. Model of relevant quantum channels. ρ̂εn and ρ̂εr , density matrices produced by Eve’s EPR source; ρ̂a, density matrix of signal sent by Alice; ρ̂b and ρ̂ b, density matrix before Bob’s detector inefficiencies and after detector inefficiencies; ρ̂εn , density matrix post-beamsplitter, measured by Eve; ρ^ hom, density matrix of equivalent mode consisting of light lost to detector inefficiencies. τ is the squeezing parameter of EPR source, η is the channel efficiency, and η m is Bob’s detector efficiency.
Fig. 3.
Fig. 3. Eve’s attack operator M̂ can be decomposed into three sub-operators Ô,P̂ and Q̂, which give the same output quantum states.
Fig. 4.
Fig. 4. Bob’s decision rule under post-selection. Here σS =√VS and σel =√Vel .
Fig. 5.
Fig. 5. The secrecy capacity and required reconciliation efficiency for the system without post-selection.
Fig. 6.
Fig. 6. The secrecy capacity, required reconciliation efficiency and the error rate on the BSC channel of the system with post-selection

Tables (1)

Tables Icon

Table 1. Differences of the secrecy capacity with ΔIref . Here 25km denotes the case of 25 km QIQO CVQKD without post-selection. 25km-ps denotes the case of 25 km QIQO CVQKD with post-selection. 50 km denotes the case of 50 km QIQO CVQKD without post-selection. 50 km-ps denotes the case of 50km QIQO CVQKD with post-selection.

Equations (59)

Equations on this page are rendered with MathJax. Learn more.

b̂=ηâ+1ηε̂n,
Q̂b=ηQ̂a+1ηQ̂εn.
Pb(q)=Pa(ηq)*Pεn(1ηq),
ΔI=I(A;B)χ(B;E),
ΔI=β I (A;B)χ(B;E).
β0I(A;B)χ(B;E)=0 .
eAB=112πSNRex22dx.
I(A;B)=1h(eAB),
χ(B;E)=S(ρ̂E)ΣipiS(ρ̂E|q=i),
χ(B;E)=S(ρ̂E)12S(ρ̂E|q=1)12S(ρ̂E|q=1)=S(ρ̂E)S(ρ̂E|q=1)
ρ̂E=Σi=14141ηαi1ηαi.
ρ̂E|q=1=Σi=14pi|q=1η1αiη1αi.
VB=VS+Vel.
SNR=ui2VB,
SNR=2{ηηmαi}Vs+Vel .
|Φi=M̂(ΨEαi) ,
ρbi=T rE (ΦiΦi) .
ρ̂εn=Trr[Ô(ΨEΨ)ô],
P̂=[η1η1ηη].
Q̂=M̂ÔP̂.
ρ̂εn=(1τ2)Σn=0τ2nnn.
ρ̂εn=Trεr(Ψεn,εrΨ) ,
Ψεn,εr=1τ2n=0τnnεnϕ(n)εr,
ΨA=Σi=1412αiaia,
|Φ=B̂b,hom(ηm)B̂a,εn(η)|ψA|Ψεn,εr|0hom,
ΞX=bXΦΦXbXΦ,
ρ̂EX=Tra,hom(ΞXΞX).
p(ρ̂EX)=ΦXbXΦ.
ρ̂E= p (ρ̂EX) ρ̂EX dx
ρ̂E|q=1= p (ρ̂EX|q=1)ρ̂EXdx.
p(ρ̂EX|q=1)=p(ρ̂EX)p(q=1|ρ̂EX)p(q=1).
p(q=1|ρ̂EX)=12πVelXexp(x22Vel)dx.
nth=(1τ2)Σn=0nτ2n=τ21τ2.
VB=VS+12(1η)ηmnth+Vel.
SNR=2{ηηmαi}Vs+12(1η)ηmτ21τ2+Vel.
p(ρ̂EX|q0)=p(q0|ρ̂EX)p(ρ̂EX)p(q0)
p(q0|ρ̂EX)=12πVel[(TX)exp(x22Vel)+(T+X)exp(x22Vel)].
p(q0)=12πVB[(Tui)exp(x22VB)+(T+ui)exp(x22VB)].
ρ̂EX= p (ρ̂EX|q0) ρ̂EX dx .
p(q=1|ρ̂EX)=12πVel(TX)exp(x22Vel)dx.
eAB=p(q=1Aliceencodesα1)p(q0)=(T+ui)exp(x22VB)dx(Tui)exp(x22VB)dx+(T+ui)exp(x22VB)dx.
|Ψεn,εr=1τ2Σn=0EMAXτnnεnϕ(n)εr.
|n,r=c (r)n!er22(n+1)rnΣk=0n e2πin+1k|re2πin+1k,
|n,r0=n.
1cn2=n!(2n+1)!r2(n+1)+o(r4(n+1)),
Φ=c(r)1τ2Σj=1412jaΣn=0EMAXτnnεrn!e(rn)22(n+1)(rn)nΣk=0ne2πikn+1ηm(ηαj+1ηrne2πikn+1)b
1ηm(ηαj+1ηrne2πikn+1)hom1ηαjηrne2πikn+1εn.
ρ̂b,εn,εr,hom=Tra(ΦΦ)=Σi=1414ΩiΩi,
ρ̂εn,εr,hom=Trb(ρ̂b,εn,εr,hom)=Σi=1414Σk=1XMAXp(Xi,k)Xi,kΩiΩiXi,kΩiXi,kXi,kΩi=Σi=1414Σk=1XMAXp (Xi,kψi,kψi,k) ,
Trhom(ρ̂εn,εr,homi,k)=Σj=0HMAXhomj|ψi,kψi,k|jhom.
ρ̂E = Σi=14 14 Σk=1XMAX p (Xi,k) Σj=0HMAX jψi,k ψi,kj = Σi=14 14 Σk=1XMAX p (Xi,k)Σj=0HMAXp(jXi,k)εi,j,kεi,j,k,
ρ̂E=Σi,j,kp(|εi,j,k) εi,j,kεi,j,k,
Gijk,ijk=p(|εi,j,k)p (|εi,j,k) εi,j,k|εi,j,k .
S(ρ̂E)=Σi=1nλilog2(λi).
p(εi,j,kq=1)=p(q=1||εi,j,k)p(|εi,j,k)p(q=1).
p(q=1||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVel0exp[(yx)22Vel]dydx12πVSlbi,krbi,kexp[(xui)22VS]dx .
p(εi,j,kq0)=p(q0εi,j,k)p(|εi,j,k)p(q0) .
p(q0||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVel(Texp[(yx)22Vel]+Texp[(yx)22Vel])dydx12πVSlbi,krbi,kexp[(xui)22VS]dx .
p(q=1||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVelTexp[(yx)22Vel]dydx12πVSlbi,krbi,kexp[(xui)22VS]dx .

Metrics